sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-01 05:47:28 +03:00
Code

pidl: Assert that python arrays will not overflow the C array

Browse Source 
We do not write network services in Python, so this is not a security issue, but would cause
a crash or other odd behaviour if the length was changed

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11430

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Andrew Bartlett 2015-07-30 14:28:48 +12:00 committed by Stefan Metzmacher
parent bed29f3c92
commit e3cf25bdc0
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pidl/lib/Parse/Pidl/Samba4/Python.pm
View File

@ -1223,6 +1223,13 @@ sub ConvertObjectFromPythonLevel($$$$$$$$)
$self->pidl("$var_name = talloc_array_ptrtype($mem_ctx, $var_name, PyList_GET_SIZE($py_var));");
$self->pidl("if (!$var_name) { $fail; }");
$self->pidl("talloc_set_name_const($var_name, \"ARRAY: $var_name\");");
} else {
$self->pidl("if (ARRAY_SIZE($var_name) != PyList_GET_SIZE($py_var)) {");
$self->indent;
$self->pidl("PyErr_Format(PyExc_TypeError, \"Expected list of type %s, length %zu, got %zd\", Py_TYPE($py_var)->tp_name, ARRAY_SIZE($var_name), PyList_GET_SIZE($py_var));");
$self->pidl("$fail");
$self->deindent;
$self->pidl("}");
}
$self->pidl("for ($counter = 0; $counter < PyList_GET_SIZE($py_var); $counter++) {");
$self->indent;